Many Android devices vulnerable to session hijacking through the default browser

The default browser in Android versions older than 4.4 has a vulnerability that allows malicious websites to bypass a critical security mechanism and take control of a user's authenticated sessions on other sites.

Story added 16. September 2014, content source with full text you can find at link above.